webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-10 11:05:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,676 Commits 2 Branches 1 Tag
0628d956a7cc1d952b236494de0559cbea52c0ff
Commit Graph

166 Commits

Author SHA1 Message Date
Michael Tremer
f3dfb261c8 OpenVPN: Mark SHA1 as weak 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-28 13:03:46 +01:00
Michael Tremer
7090074557 OpenVPN: Use SHA512 by default 
This will break compatibility with old clients like
Windows XP, but these are too old now to be supported.

SHA1 is considered to be weak and should not be used any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2017-04-28 13:01:41 +01:00
Erik Kapfer
964700d414 openvpn: Update to version 2.3.7, added --verify-x509-name directive. 
The tls-remote directive is deprecated and will be removed with
OpenVPN version 2.4 . Added instead --verify-x509-name HOST name
into ovpnmain.cgi.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-01-04 22:41:46 +00:00
Alexander Marx
35a21a254d BUG10902: Add statusfile line when editing an ovpn n2n connection 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-11-09 17:36:10 +00:00
Michael Tremer
2913185aa4 openvpn: The --up option only takes one single argument 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-11-05 11:44:57 +00:00
Michael Tremer
a4e9b9d8e0 openvpn: Apply static routes on client site as well 
Fixes: #10968

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-11-05 11:44:04 +00:00
Michael Tremer
b22d8aaf4a openvpn: Embed the certificate and key file into configuration 
This will allow to import just the configuration file
into iOS and establish the VPN connection. Also works
with many other OpenVPN clients.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-11-04 21:10:47 +00:00
Michael Tremer
71af643cda openvpn: Add option to download a client package with PEM files 
This patch adds the option to download a client package
that comes with a regular PEM and key file instead of a
PKCS12 file which is easier to use with clients that
don't support PKCS12 (like iOS) opposed to converting
the file manually.

This requires that the connection is created without
using a password for the certificate. Then the certificate
is already stored in an insecure way.

This patch also adds this to the Core Update 95 updater.

Fixes: #10966

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
CC: Alexander Marx <alexander.marx@ipfire.org>
 2015-11-04 21:10:41 +00:00
Michael Tremer
3045d6abde openvpn: Apply static routes when N2N connection comes up 
Fixes: #10968

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-11-04 21:10:27 +00:00
Lars Schuhmacher
e3edceeb7a Mark required input fields with a star 
Mark required input fields with a star as nowadays this is
the de-facto default. Before, it was the other way around and
optional fields were marked.

Signed-off-by: Lars Schumacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-21 16:40:41 +01:00
Stefan Schantl
fde9c9dd03 ovpnmain.cgi: Update the certificate revocation list when a connection has been deleted. 
Reference #10554.
 2015-04-19 12:51:44 +02:00
Arne Fitzenreiter
65f2c9bb39 Merge remote-tracking branch 'origin/master' into next 2015-04-14 17:59:21 +02:00
Alexander Marx
7dfcaef067 vpn-statistic: add collectd parameters to imported n2n packages 2015-04-14 13:55:40 +02:00
Stefan Schantl
ad50a299c8 Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into next 2015-04-12 23:23:40 +02:00
Stefan Schantl
578f23c8e1 ovpnmain.cgi: Fix layout of CA related elements. 
Those elements where displayed out of the main box in the past.
 2015-04-12 23:18:11 +02:00
Michael Tremer
79e7688b69 ovpnmain.cgi: Remove DDEVICE setting 
This was used to select a TUN or TAP device from which TAP
was never supported anyway.
 2015-04-12 22:33:41 +02:00
Michael Tremer
1e499e90d7 openvpn: Stop N2N connections before they are removed 2015-04-10 13:32:48 +02:00
Michael Tremer
187590f791 openvpn: Move remving files in /var/run to openvpnctrl 2015-04-10 13:27:32 +02:00
Alexander Marx
82e454712b ovpnmain.cgi: Remove duplicate code to remove a connection 2015-04-10 13:13:02 +02:00
Alexander Marx
323be7c44f ovpnmain.cgi: Fix indentation and code cleanup 
No functional change
 2015-04-10 13:12:14 +02:00
Michael Tremer
d72de3da14 openvpn: Remove stat files when connections are removed 2015-04-09 17:18:44 +02:00
Michael Tremer
2f36a7b43a openvpn: Remove RRDs when removing all connections at once 2015-04-09 17:11:16 +02:00
Alexander Marx
775b449431 openvpn: Update collectd configuration when connections are started/stopped 2015-04-09 16:44:07 +02:00
Michael Tremer
e1297cbb76 openvpn: Properly remove all RRDs after a connection is removed 2015-04-09 16:32:39 +02:00
Michael Tremer
3906cf7e85 Merge remote-tracking branch 'amarx/vpn-statistic1' into next 2015-01-13 17:37:18 +01:00
Alexander Marx
87fe47e9d9 vpn-statistic: Move logfiles to /var/run because of flash writes 2014-12-23 12:43:49 +01:00
Michael Tremer
18f2b3d171 Merge remote-tracking branch 'ummeegge/OpenVPN_additional_configs' into next 2014-12-08 19:12:48 +01:00
Michael Tremer
1450cfebde Merge remote-tracking branch 'ummeegge/OpenVPN_validating_N2N' into next 2014-12-08 19:12:39 +01:00
Erik Kapfer
badd8c1c63 OpenVPN_rand: Deleted pseudo-random generator option. 
Deleted the -rand /proc/interrupts:/proc/net/rt_cache option in ovpnmain.cgi
Fix #10682
 2014-12-06 13:03:59 +01:00
Erik Kapfer
f4fbb93510 OpenVPN: Added 'valid til (days)' field for N2N. 
Fixes #10680
 2014-11-13 10:40:42 +01:00
Erik Kapfer
ffbe77c8bc OpenVPN: Added additional configuration for server and clients 
* Added a possibility to manualy extend OpenVPNs server and client configuration.
* Added also a checkbox (on/off) in the WUI under 'Advanced server options' .
* Changed the order in 'Miscellaneous options' section for better overview.
* Optimized code in particular sections a little.
    Added a filehandle instead of system(touch...) for ccd* file generation.
    Unified the html code tags in processed section.
Fixes #10577
 2014-11-13 03:09:51 +01:00
Alexander Marx
5795fc1b55 vpn-statistic: added new statistic page for OpenVPN Roadwarrior 2014-09-18 16:29:10 +02:00
Erik Kapfer
194314b250 OpenVPN: Added a check for empty 'CERT_NAME' field. 
Fixes: #10581
 2014-07-31 15:39:49 +02:00
Michael Tremer
9d9c825b4e Merge branch 'cr_fix' of https://github.com/hadfl/ipfire-2.x into next 2014-07-19 11:34:50 +02:00
Alexander Marx
5b942f7f3b OpenVPN: change sortorder of client status and control. Now every network is sorted and displayed in a group 2014-07-14 11:48:36 +02:00
Alexander Marx
c8b51e28bf Openvpn: Change sortorder of client status and control 
Now every NET is sorted and second instance is the NAME of the VPN.
 2014-07-10 08:08:01 +02:00
Dominik Hassler
66298ef2de - remove cr for n2n server and client config 2014-07-09 23:32:58 +02:00
Michael Tremer
d6c50a8591 Merge remote-tracking branch 'amarx/10538' into next 2014-07-05 22:42:32 +02:00
Alexander Marx
ceb78c46f3 ovpnmain.cgi: Sortorder clientstatus and control - Type, Name 2014-06-16 11:48:18 +02:00
Erik Kapfer
525839f74f openvpn: Clean up DH download code. 2014-06-12 17:36:57 +02:00
Erik Kapfer
ad09461a43 openvpn:Deleted download possibility for DH param and fixed some typos. 
* Deleted DH-parameter download possibility in CA/key chart section.
* Fixed some typos in CA/key section.
 2014-06-12 16:17:02 +02:00
Erik Kapfer
fd5ccb2dd5 openvpn: Renamed CA chart, added ta.key to chart. 
* Added keys to CA chart and renamed CA specifics infos to
CA and key infos.
* Added ta.key to CA/key chart listing.
 2014-06-12 09:11:52 +02:00
Erik Kapfer
c8f503560f openvpn: Changed chart string for DH parameter and code cleanup. 
* Added PKCS infos for DH parameter string in the chart.
* Deleted some redundant '<td>'s and indent some code in chart section.
 2014-06-12 08:37:07 +02:00
Erik Kapfer
a0ad10ca68 openvpn: Deleted double entry. 
* 'my $authactive;' was two times defined, but only one time needed.
 2014-06-12 08:27:43 +02:00
Erik Kapfer
f7fb5bc5c9 openvpn: Added DH parameter to CA chart. 
Added also a 'Default' mark in N2N cipher menu for AES-256-CBC.

(cherry picked from commit c16d97c617)
 2014-05-28 20:24:28 +02:00
Erik Kapfer
92bed25016 openvpn: Fixed some typos 
(cherry picked from commit b585282abf)
 2014-05-28 20:24:10 +02:00
Erik Kapfer
4be45949e9 openvpn: Changed directioning and added additional generation for ta.key. 
Deleted the direction parameter 0 and 1 in ta.key directive for
compatibility purposes.
Added the ta.key generation also in PKI build process.
Replaced the ta.key to /certs instead of /ca and adapted the
apropriate paths.
 2014-05-18 09:35:26 +02:00
Erik Kapfer
53ce51761f openvpn: Drop unused code from cgi file. 
Deleted the following unused functions:

* checkportfw
* checkportoverlap
* checkportinc
* disallowreserved
 2014-05-17 21:50:19 +02:00
Erik Kapfer
754066e6c3 openvpn: Deleted double entries for TLSAUTH and DAUTH. 
Also drop remaining if clauses for Engines.
 2014-05-17 21:32:55 +02:00
Alf Høgemark
1638682beb cgi-bin: Add title attribute to input type image where missing 
Almost all of <input type="image"... has both an alt and a
title attribute, but some are missing title, and when the icon
is not very clear, it makes it harder to understand what the icon
does. By adding title, the browser displays text when mouse pointer
is over the icon.

Also add missing quotes for alt and title attributes where needed.
 2014-05-14 21:56:42 +02:00